It has been almost a couple of months since my last post, but its back with a bang. Following on from my previous post on Art & Collectibles & the Codex Protocol, which you can find here, I will be discussing how will be disrupted with the emergence of the blockchain and cryptocurrencies. Real World Applications of Cryptocurrencies User Authentication Overview is a major problem in today’s tech-driven world, and it’s only getting worse; it’s the in the United States. The is , purely driven by the rise in cybercrime. According to a Cybersecurity Ventures , the cyber security industry saw a growth of over between 2004 and 2017. It with governments and institutions investing billions upon billions in cyber security. Cybercrime fastest growing crime cyber security market expanding rapidly report 350% grew from $3.5Bn to $120Bn in just over a decade The report also points out how cybercrime will cost the world , an from the . Digging a bit deeper into numbers, in a , the UK Government, reported that have ” alone. $6Tn in 2021 increase of 200% $3Tn figure in 2015 recent survey over 43% business “experienced a cyber security breach or attack in the past year The Problem As mentioned in the previous section, governments and companies spend billions on cyber security. Cyber attacks can come in a multitude of forms but in this post I will focus on . These include (definitions taken from techopedia and rapid7): user authentication attacks — in which an attacker tries to log in to a user’s account by systematically checking and attempting all possible passwords and passphrases until the correct one is found. Brute-Force and Dictionary Attacks — redirects website traffic through hacking, whereby the hacker implements tools that redirect a search to a fake website. Pharming — is the fraudulent act of acquiring private and sensitive information, such as credit card numbers, personal identification and account usernames and passwords. Using a complex set of social engineering techniques and computer programming expertise, phishing websites lure email recipients and Web users into believing that a spoofed website is legitimate and genuine. Phishing — the act of intercepting sensitive information (i.e. passwords and cookies) by serving browser add-ons. Malicious Browser Add-ons — allow attackers to eavesdrop on the communication between two targets. The attack takes place in between two legitimately communicating hosts, allowing the attacker to “listen” to a conversation they should normally not be able to listen to. ( ) Man-in-the-Middle Attacks MITM — the non-technical cracking of information security. It applies deception for the sole purpose of gathering information, fraud or system access. Social Engineering Attacks Currently, are the predominant way to authenticate users. Unfortunately, due to human nature, password-based authentication is . Humans are not great at creating effective passwords and very often choose easy-to-obtain passwords. On occasion, when people do create effective passwords, these are often written on a piece of paper or an electronic document making them . Additionally, passwords are likely to be for multiple logins or infrequently changed. usernames & passwords extremely weak significantly less secure re-used Just to give you an idea how serious this problem is, found that . Verizon’s 2016 Data Breach Investigations Report 63% of confirmed data breaches involved weak, default or stolen passwords In order to solve this problem, ( ) has been introduced in many places. is the process in which you need to using (using an app on your phone, a code via SMS, etc.). Unfortunately, this secondary security measure, , as there have been numerous cases of accounts being compromised even with enabled. multifactor authentication MFA MFA confirm your identity additional ‘factors’ isn’t fool proof either MFA An alternative to 2FA is , in which users are securely authorized by instead of a username and password. This solves some of the issues with username & password authentication (like phishing, MITM) but not everything. certificate based authentication exchanging a digital certificate is built using a ublic ey nfrastructure ( ). The backbone of PKIs are (that can only be issued by centralized authorities) which are used to cryptographically link ownership of a with the entity that owns it. This offers stronger security (but not fool proof) as a trusted part mutually authenticates the client and server through a secure channel. Unfortunately, these certificates are and . You can find more information on digital certificates and PKIs, . Certificate based authentication centralized P K I PKI digital certificates public key centrally managed vulnerable to cyber attacks here To conclude this section, there are two major issues with user authentication today; the and the centralized instances of . weakness of passwords PKI The Proposal caught my attention when researching this particular problem. REMME is a solution leveraging an open source protocol whilst utilizing the blockchain to replace traditional centralized instances of Public Key Infrastructure (such as Certificate Authorities, Registration Authorities, Lightweight Access Directory Protocol etc.). It’s doing so with a blockchain based Network of Trust, built on top of Hyperledger Sawtooth. REMME In simpler terms, utilizes the blockchain in order to provide the ability to log in to any service (that implements ) more securely by getting rid of the need for passwords. REMME REMME is a Ukrainian company launched in by and and was the of the Microsoft Blockchain Incentive award in 2017. On October 2017, launched a for companies looking to trial their ecosystem. Since then, it has attracted interest from almost coming from a variety of industries, including, Ukrinmash, Infopulse, Hotmine, Constitutional Health and Changelly. REMME 2015 Alex Momot Kate Pospelova winner REMME pilot program 300 global enterprises How It Works Simply put, is creating a ublic ey nfrastructure ( ) with the blockchain acting as . REMME distributed P K I PKId central authority will provide the ability for users to generate/revoke their own certificates. Once these are generated, nodes will need to validate the transaction. Upon validation, a unique identifier of the certificate (it’s hash), it’s state (whether it was issued or revoked), the public key and expiration date, are stored on the blockchain. This essentially creates an . REMME immutable record to validate certificates required for authentication When a user wishes to authenticate, they will be able to do so with a . A check will then be performed on the blockchain to verify that the device’s certificate is correct with entry granted entry once verified. simple click You might be wondering what happens if this device gets lost or stolen? The REMME team provides an excellent explanation with what will happen in this scenario, . here To complement their protocol, the team is building a number of ecentralized pplications ( ), including: REMME D A dApps — a white label authentication system that will allow users to log on to services without a password. You can try the WebAuth demo, , with details on how to do so, . REMME WebAuth here here — Secure access to internal corporate systems utilizing X.509 self-signed certificates for authentication and secure user access, at a device level without the need for username & passwords. REMME Enterprise — Authorization for device-to-device communication REMME for IoT Additionally, is creating an which gives developers the ability to create their own dApps on the . REMME SDK REMME blockchain As a matter of fact, has just rolled out a part of their solution on their . This includes the following: REMME testnet The REMChain, consisting of 5 masternodes (to maintain the testnet) The REMChain Block Explorer dApp The REMChain Node Monitoring dApp The REMME WebAuth Demo dApp You can find more information about the above and their release, . testnet here As a matter of fact, contains all necessary functionality for the complete life-cycle of digital certificates. invites developers to explore how the technology works and compliment the already existing use cases by implementing their own ideas on the protocol. REMME’s testnet REMME The team has created a brilliant video showing how it all comes together, which you can find below. REMME To keep up to date with their latest developments, make sure you visit their and join their . If you want to dig even deeper into their technology, make sure to check out their blog at . website community REMME The Solution By introducing the and a suite of to accommodate it, is killing 2 birds with 1 stone — username & passwords weakness and the centralized nature of today’s PKIs. It is in prime position to solve the issues discussed above (and improve upon them), in the following ways: PKId dApps REMME By leveraging the blockchain, making user credential leaking virtually impossible. Better Credential Storage — REMME removes the need for centralized storage — As governments, companies and individuals spend more and more money to secure their systems and processes, eliminates the need for much of this, thus bringing costs down. Reduced Costs REMME — The human factor is the weakest link in the cyber security chain (phishing, common passwords, etc.) and by removing it from the equation, improves security significantly. Removal of Human Factor removes the weak parts of cyber security from the equation; most notably passwords and centralized PKIs which are the most vulnerable part of cyber security. Stronger Protection — REMME You can find a full list of cyber attacks can protect against, . REMME here How Are Remme (REM) Tokens Used? will be central to all operations in the ecosystem and will act as a utility token to access PKId and the dApps built on top of it. can be used in the following ways: REM REM Products wishing to use REMME will to for their clients, employees, partners, etc. Certificate Generation — pay REM generate certificates — and a dApp on top of the REMME Protocol will require . dApp Creation Developing releasing REM — can be “frozen” ( ) in order to setup a (250,000 REM required). Once staked (and approved), masternodes . You can find more about REMME’s masternodes, . Staking REM staked masternode “have the opportunity (if the consensus algorithm chooses them) to sign the block transaction and get a reward” here How many claps does this post deserve? How about a follow? If you enjoyed this post, please feel free to 👏 👏 many times (you know you want to!), give my blog a 👣 👣 and 🤲 🤲 with your friends. There’s a limit of 👏 👏 you can give to each post, so I urge you not to try and exceed that limit… you might break Medium! clap follow share 50 claps Speaking of which… If I still have your attention, please leave a comment and let me know what else you would like to see me writing about. You can find links to my social media and sign up to my newsletter below. contact@ermos.io You can also show your support by donating to the following address: : ETH 0x4c7195E074cf0Ab6F77Bdb7C97Fd2567066Bb712 . Disclaimer: All information and data on this blog post is for informational purposes only. My opinions are my own. I do not provide personal investment advice and I am not a qualified licensed investment advisor I make no representations as to the accuracy, completeness, suitability, or validity, of any information. I will not be liable for any errors, omissions, or any losses, or damages arising from its display or use. All information is provided as is with no warranties and confers no rights.

Chain

Dapp

Infopulse

Microsoft

Twitter

3 Ways Blockchain Can Revolutionize Education

3 Cryptocurrencies To Earn You Money While You Sleep — An Aggregation

Visit my website for more info

Read My Stories

Too Long; Didn't Read

Boost your HackerNoon story @ $159.99! 🚀

Real World Applications of Cryptocurrencies — User Authentication

Real World Applications of Cryptocurrencies — User Authentication

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

3 Coins To Watch Once The Market Turns Green Again

$1B Capitalization: Meme Token Launch Strategy Under the Microscope

$1M Hackathon Prizes Announced By MultiversX to Expand the Blockchain Ecosystem

0 to $2000 MRR in One Month - Lessons Learned

07/03/2018: Biggest Stories in the Cryptosphere

06/09/2018: Biggest Stories in the Cryptosphere

3 Coins To Watch Once The Market Turns Green Again

$1B Capitalization: Meme Token Launch Strategy Under the Microscope

$1M Hackathon Prizes Announced By MultiversX to Expand the Blockchain Ecosystem

0 to $2000 MRR in One Month - Lessons Learned

07/03/2018: Biggest Stories in the Cryptosphere

06/09/2018: Biggest Stories in the Cryptosphere

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps